Metropolitan Virus

Remember the last time I wrote about ransomware infection, back in September? Well, you know, they haven’t disappeared anywhere. There are still tons of ransomware infections around and Metropolitan Virus is just one of them. It is called Metropolitan Virus, because, you can see a message from the Metropolitan Police forces on its intmet_policeerface, when the fake notification is slapped across your screen. To be honest, I really hate these ransomware infections, because they are COUNTLESS and they are frustrating in a way that they lock you out of your desktop.

So imagine simply browsing the net one day, when you get infected with Reventon Trojan, that subsequently brings on Metropolitan Virus. The same Trojan is responsible for spreading Ukash Virus, FBI Moneypak Virus and other infections from the Ukash group. So there, once the Trojan is inside, it infects you with the ransomware program and POOF~! your desktop gets locked and all you see is a huge notification that – oh my gosh – your computer is locked because of illegal cyber activity:


This operating system is locked due to the violation of the laws of the United Kingdom! Following violations were detected:

This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with Pornographic content, elements of violence and child pornography!

And on and on it goes about how terrible of a computer user you are, and how you must pay 100 pounds if you want to avoid being prosecuted, because if you do not do so, you might face an imprisonment sentence and all your data will be deleted.

Unlike fake antivirus programs that basically poke you into spilling the beans about your credit card numbers, Metropolitan Virus uses such alternative payment systems as Ukash and PaySafeCard to collect ransom fees, so it can target even those users that do not have bank accounts. Nasty little bugger. However, do you need to pay the 100 pound fee? ABSOLUTELY NOT.

Metropolitan Virus displays a fake message that you must ignore. You need to bypass the program’s defenses to terminate it, and this is how you do it:

For Windows Vista and Windows 7

  1. Reboot your computer.
  2. Tap F8 key repeatedly once the BIOS screen disappears.
  3. If Windows logo appears, restart the computer and try again.
  4. When Advanced Boot Options menu shows up, use arrow keys to navigate and select Safe Mode with Networking. Press Enter.
  5. Download an automatic malware removal tool and install it.

For Windows XP

  1. Follow the steps above from 1 to 4.
  2. Click Yes, when a confirmation message appears.
  3. Download the automatic malware removal tool.
  4. Go to Start Menu and click Run.
  5. Enter “msconfig” and click OK.
  6. When System Configuration Utility shows up, click Startup tab.
  7. Click “Disable All” and click OK. Exit the utility.
  8. Restart your computer normally.

I’d also recommend referring to a list of computer security related websites out there on the internet, that post manual removal instructions, if you think you can do it yourself. Although I wouldn’t go through that if I were you, because the Trojan that distributes Metropolitan Virus is really tricky. I think automatic removal would be a lot easier.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s